Adobe leak: Cracking Ross Ulbricht's password

1. From: http://krebsonsecurity.com/2013/11/no-bail-for-alleged-silk-road-mastermind/
2. http://krebsonsecurity.com/wp-content/uploads/2013/11/Ex-D-Dominica-application.pdf
3.  
4. Looking at Ross Ulbricht's application for citizenship in Dominica and you'll find his mail: rossulbricht@gmail.com
5.  
6. Searching for this mail in the leaked Adobe database and you get one hit:
7. +-----------+------------------------+--------------------------+------+
8. | Id | Mail | Pass | Hint |
9. +-----------+------------------------+--------------------------+------+
10. | 105817612 | rossulbricht@gmail.com | FReA1y3IWOfioxG6CatHBw== | |
11. +-----------+------------------------+--------------------------+------+
12.  
13. Because Adobe encrypted the password in ECB mode, I can see that the length of the password is exactly 8 char long [1].
14.  
15. His password encrypted: \x15\x17\x80\xD7\x2D\xC8\x58\xE7
16. "\x00 + padding" block: \xE2\xA3\x11\xBA\x09\xAB\x47\x07
17.  
18. However searching for anyone with the same password comes up empty (he must have used a "strong" password), so unless someone finds the key Adobe used to encrypt his password, we will never know what password he used.
19.  
20. [1] If the length of his password was less than 8 char, then there would only be one block, and if the length of his password was longer than 8 char, then the last block would look different (compare the last part of his password with the last part of the most used passwords: http://stricture-group.com/files/adobe-top100.txt and you'll see).